12. Still on the consuming server, to load the publishing server’s certificate, type the following line and press Enter:

$trustCert = Get-PfxCertificate "C:\PubCerts\PublishingRoot.cer"

13. To set up the trust using the certificate, type the following line and press Enter:

New-SPTrustedRootAuthority PublishingFarm -Certificate $trustCert

14. Return to the Management Shell on the publishing server.

15. To load the consuming server’s certificate, type the following line and press Enter:

$trustCert = Get-PfxCertificate "c:\ConsumerCerts\ConsumingRoot.cer"

16. To set up the trust using the certificate, type the following line and press Enter:

New-SPTrustedRootAuthority Collaboration -Certificate $trustCert

NOTEIf
you have multiple farms you want to trust, make sure in steps 13 and 16
that you use unique names for each farm for PublishingFarm and
Collaboration. Those names are used to identify the actual trust so you
cannot reuse them when setting up other farms to trust this farm. If
you are only setting up one trust you can just ignore this.

17. To load the consuming server’s STS certificate, type the following line and press Enter:

$stsCert = Get-PfxCertificate "c:\ConsumerCerts\ConsumingSTS.cer"

18. To add the STS certificate to the trust, type the following line and press Enter:

New-SPTrustedServiceTokenIssuer Collaboration -Certificate $stsCert

19. Return to the Management Shell on the consuming server.

20. Type the following line and press Enter:

Get-SPFarm | Select Id

21. Record that GUID for use later.

22. Return to the Management Shell on the publishing server.

23. To get the
security object for the Application Discovery and Load Balancer service
application, type the following line and press Enter:

That completes the process of establishing a
trust between the two farms so that the publishing server can serve up
service applications to the consuming farm. If you want to look at the
trusts or possibly remove one, you can do that through the GUI by
navigating to Central Administration ⇒ Security ⇒ Manage trust.

Publishing a Service Application

For this task, you could dive back into
PowerShell or you could use the GUI in Central Administration. Let’s be
“efficient” (i.e., lazy) and use the GUI. For this example, you will
publish a Managed Metadata service application:

1. On the publishing server, open Central Administration.

2. Navigate to Application Management ⇒ Manage service applications.

3. Click to the right of the service application you want to make available.

4. In the Ribbon, click Publish.

5. On the Publish Service Application page, check the box for “Publish this Service Application to other farms.”

6. For the
Publish URL, copy all of the string that begins with “urn:” and ends
with “.svc.” For example, it will be similar to the following:

10. Enter the farm ID of the consuming farm (refer to step 21 in the previous section, “Setting Up the Farm Trust”). Click Add.

11. Highlight the remote farm: <Your Farm ID>.

12. For
permissions, check the box to assign the permissions you wish to give
to the remote farm. The permissions available will vary according to
the service application being published.

13. Open Central Administration on the consuming farm and navigate to Application Management ⇒ Manage service applications.

14. From the Ribbon, click Connect.

15. Enter the URL for the service application you want to access from step 6 in this section. Click OK.

16. Click the service application name so that it is highlighted in yellow.

17. You can
specify whether this service application should be included in the
default service application group. When you are done, click OK.

18. Either accept the default connection name or enter your own. When you are finished, click OK.

19. At the Success screen, click OK.

You can now work with the service
application just as if it were part of your farm. The first time you
work through this process, take your time; it is easy to make a small
mistake that results in hours of troubleshooting.